Security News > 2022 > January > Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company's StarOS debug services.
Cisco pushed out a fix for its Cisco StarOS Software on Wednesday.
Cisco StarOS Software works with Cisco ASR 5000 devices to operate virtual mobile networks for enterprises and service providers.
In addition to the fix for its Cisco StarOS Software debug service, Cisco also provided the following trio of security updates for mobile network operators running both Cisco hardware and software for virtualization.
Other Cisco products that are running an outdated version of the Cisco Unified Threat Defense Snort Intrusion Prevention System Engine for Cisco IOS XE Software or Cisco UTD Engine for Cisco IOS XE SD-WAN Software are also vulnerable, which could include Cisco routers and edge platforms, the company warned.
If successful, the attacker could gain access at the ConfD privilege level, which is typically root access, Cisco warned.
News URL
https://threatpost.com/critical-cisco-staros-bug-root-access-debug-mode/177832/